Displaying items by tag: Kevin Beaumont

GUEST OPINION:  

Rapid7 is investigating two separate events affecting Fortinet firewall customers:

• Zero-day exploitation of CVE-2024-55591, an authentication bypass vulnerability in FortiOS and FortiProxy disclosed earlier this week. Successful exploitation could allow remote attackers to gain super-admin privileges via crafted requests to the Node.js websocket module.
• A January 15, 2025, dark web post from a threat actor who looks to have published IPs, passwords, and configuration data from 15,000 FortiGate firewalls. The data leaked online appears to be several years old (2022). Rapid7 has not attributed any CVEs to the leaked data at this time.

On 3 May, Microsoft chief executive Satya Nadella issued a long statement, saying in effect that security would be the most important thing for the company from now on.

Microsoft has issued a second post about the attack on its systems by an alleged Russian actor, revealing that the same actor also attacked a number of other organisations, one of which was HPE.

Attackers claimed to be backed by Russia were inside Microsoft's corporate systems for nearly two months before the company detected their presence, it says in a blog post published on Friday.

Stevedore DP World Australia appears to have been breached by a ransomware group which used a vulnerability in the Citrix NetScaler gateway, leading to the company being affected from Friday until Monday.

An unpatched vulnerability in Microsoft Exchange Server appears to have been the entry point for the attackers who breached the systems of the UK Electoral Commission, a fact disclosed by the agency on Wednesday 10 months after it was spotted.

US-based endpoint software management firm Ivanti initially blocked access to a security advisory about an exploitable zero-day in its Endpoint Manager Mobile software, formerly known as MobileIron Core.

Global security vendor Sophos says it has discovered 133 malicious drivers signed with legitimate digital certificates, with 100 of them being signed by Microsoft Windows Hardware Compatibility Publisher.

Software giant Microsoft claims outages to its Outlook, OneDrive and Azure services earlier this month were due to distributed denial of service attacks staged by a group it calls Storm-1359.

The OpenSSL Project has released fixes for two vulnerabilities in the open-source cryptographic library, with the severity of both rated "high". The accompanying documentation has justified the advice of British security expert Kevin Beaumont not to get carried away by hype over the expected announcement, as iTWire reported.

British security researcher Kevin Beaumont has played down the hype over a recent announcement about a critical flaw in the open-source cryptographic library OpenSSL from Red Hat Linux. The advisory is due on 1 November.

Threat intelligence firm SOCRadar says it has detected that sensitive data from 65,000 entities has been made public because of a misconfigured Microsoft endpoint. It has dubbed the leak BlueBleed, adding that this data was only the first part of the leak.

Professional networking site LinkedIn has reinstated British security guru Kevin Beaumont's account, after kicking him off the platform for unspecified reasons.

An authentication bypass flaw in security firm Fortinet's products, which was patched on 6 October, is being exploited in the wild, the company has confirmed.

Microsoft has released patches for 84 vulnerabilities in its products on its monthly Patch Tuesday, but failed to deliver fixes for two zero-day flaws in versions of Exchange Server that were reported publicly on 29 September.

Microsoft has changed a portion of the advice it issued for mitigation of two bugs in its Exchange Server product, but made no mention of the change, well-known British security researcher Kevin Beaumont says, adding that it looked like the company needed to familiarise itself with the source code of this product.

Microsoft says it is investigating two zero-day vulnerabilities reported to be affecting Microsoft Exchange Server 2013, 2016, and 2019.

Reports are emerging that a new zero-day exists in Microsoft Exchange and that it is being exploited in the wild, a well-known security researcher has warned.

British security researcher Kevin Beaumont has listed details about a backdoor that is claimed to infect Linux systems, with the consulting firm PwC having documented it as well. Both claim the threat emanates from China.

Authentication services provider Okta has allegedly been breached by the same group that got through the defences of Samsung and Microsoft, according to a claim made by the group on Monday, but the company has tied it to an event in January.